CAA: use consistent msg-id: dash instead of underscore (#1763)

bwbroersma · aequitas · commit 3da412180bf8 · 2025-05-26T14:34:59.000+02:00
diff --git a/checks/caa/parser.py b/checks/caa/parser.py
@@ -77,7 +77,9 @@ def validate_issue_validation_methods(parameter_value: str) -> set[str]:
         if validation_method not in ACME_VALIDATION_METHODS and not validation_method.startswith(
             ACME_VALIDATION_CUSTOM_PREFIX
         ):
-            raise CAAParseError(msg_id="invalid_property_issue_validation_method", context={"value": parameter_value})
+            raise CAAParseError(
+                msg_id="invalid-parameter-validation-methods", context={"parameter_value": parameter_value}
+            )
     return validation_methods
 
 
@@ -146,22 +148,22 @@ def validate_property_iodef(value: str):
     try:
         url = urlparse(value)
     except ValueError:
-        raise CAAParseError(msg_id="invalid_property_iodef_value", context={"value": value})
+        raise CAAParseError(msg_id="invalid-property-iodef-value", context={"property_value": value})
     if url.scheme == "https":
         # RFC8659 refers to RFC6546, which is unclear on requirements. Let's assume a netloc is needed.
         if not url.netloc:
-            raise CAAParseError(msg_id="invalid_property_iodef_value", context={"value": value})
+            raise CAAParseError(msg_id="invalid-property-iodef-value", context={"property_value": value})
     elif url.scheme == "mailto":
         if not validate_email(url.path):
-            raise CAAParseError(msg_id="invalid_property_iodef_value", context={"value": value})
+            raise CAAParseError(msg_id="invalid-property-iodef-value", context={"property_value": value})
     else:
-        raise CAAParseError(msg_id="invalid_property_iodef_value", context={"value": value})
+        raise CAAParseError(msg_id="invalid-property-iodef-value", context={"property_value": value})
 
 
 def validate_property_contactemail(value: str):
     """Validate contactemail per CAB BR 1.6.3, requiring a single RFC 6532 3.2 address."""
     if not validate_email(value):
-        raise CAAParseError(msg_id="invalid_property_contactemail_value", context={"value": value})
+        raise CAAParseError(msg_id="invalid-property-contactemail-value", context={"property_value": value})
 
 
 @load_grammar_rulelist()
@@ -212,7 +214,7 @@ def validate_property_contactphone(value: str):
     """Validate contactphone per CAB SC014, requiring an RFC3966 5.1.4 global number."""
     parse_result = PhoneNumberRule("global-number").parse_all(value)
     if not parse_result:
-        raise CAAParseError(msg_id="invalid_property_contactphone_value", context={"value": value})
+        raise CAAParseError(msg_id="invalid-property-contactphone-value", context={"property_value": value})
 
 
 @load_grammar_rulelist()
@@ -241,13 +243,13 @@ def validate_property_issuemail(value: str):
     """Validate issuemail property per RFC9495."""
     parse_result = CAAPropertyIssueMailRule("issuemail-value").parse_all(value)
     if not parse_result:
-        raise CAAParseError(msg_id="invalid_property_issuemail_value", context={"value": value})
+        raise CAAParseError(msg_id="invalid-property-issuemail-value", context={"property_value": value})
 
 
 def validate_flags(flags: int):
     """Validate the flags per RFC8659 4.1, i.e. only allow 0/128"""
     if flags not in [0, 128]:
-        raise CAAParseError(msg_id="invalid_flags_reserved_bits", context={"value": str(flags)})
+        raise CAAParseError(msg_id="invalid-flags-reserved-bits", context={"flags": str(flags)})
 
 
 # https://www.iana.org/assignments/pkix-parameters/pkix-parameters.xhtml#caa-properties
@@ -274,11 +276,11 @@ def validate_caa_record(flags: int, tag: str, value: str) -> None:
     try:
         validator = CAA_PROPERTY_VALIDATORS[tag.lower()]
         if validator is None:
-            raise CAAParseError(msg_id="invalid_reserved_property", context={"value": tag})
+            raise CAAParseError(msg_id="invalid-reserved-property", context={"property_tag": tag})
         validator(value)
     except ParseError as e:
         raise CAAParseError(
-            msg_id="invalid_property_syntax",
+            msg_id="invalid-property-syntax",
             context={
                 "property_name": tag,
                 "property_value": value,
@@ -287,4 +289,4 @@ def validate_caa_record(flags: int, tag: str, value: str) -> None:
             },
         )
     except KeyError:
-        raise CAAParseError(msg_id="invalid_unknown_property", context={"value": tag})
+        raise CAAParseError(msg_id="invalid-unknown-property", context={"property_tag": tag})
diff --git a/checks/caa/retrieval.py b/checks/caa/retrieval.py
@@ -10,7 +10,7 @@
 from checks.resolver import dns_resolve_caa
 from checks.tasks.shared import TranslatableTechTableItem
 
-CAA_MSGID_INSUFFICIENT_POLICY = "missing_required_tag"
+CAA_MSGID_INSUFFICIENT_POLICY = "missing-required-property-issue"
 CAA_TAGS_REQUIRED = {"issue"}
 CAA_MAX_RECORDS = 1000
 
@@ -44,7 +44,7 @@ def __post_init__(self, caa_records: Iterable[CAA]):
 
         missing_tags = CAA_TAGS_REQUIRED - self.caa_tags
         for tag in missing_tags:
-            self.errors.append(TranslatableTechTableItem(CAA_MSGID_INSUFFICIENT_POLICY, {"tag": tag}))
+            self.errors.append(TranslatableTechTableItem(CAA_MSGID_INSUFFICIENT_POLICY, {"property_tag": tag}))
 
     @property
     def score(self) -> int:
diff --git a/checks/caa/tests/test_retrieval.py b/checks/caa/tests/test_retrieval.py
@@ -21,16 +21,16 @@ def test_caa_evaluation():
     evaluation = CAAEvaluation(caa_found=True, canonical_name="example.com", caa_records=caa_records)
     assert evaluation.errors == [
         TranslatableTechTableItem(
-            "invalid_property_syntax",
+            "invalid-property-syntax",
             {
                 "property_name": "issuewild",
                 "property_value": "\x08",
                 "invalid_character_position": 0,
                 "invalid_character": "\x08",
             },
         ),
-        TranslatableTechTableItem("invalid_unknown_property", {"value": "unknown"}),
-        TranslatableTechTableItem("missing_required_tag", {"tag": "issue"}),
+        TranslatableTechTableItem("invalid-unknown-property", {"property_tag": "unknown"}),
+        TranslatableTechTableItem("missing-required-property-issue", {"property_tag": "issue"}),
     ]
     assert evaluation.caa_records_str == ['0 issuewild "\\008"', '0 unknown ";"']
     assert evaluation.caa_tags == {"issuewild", "unknown"}
diff --git a/checks/categories.py b/checks/categories.py
@@ -1341,7 +1341,7 @@ def result_bad(self, tech_data: list[dict[str, str]]):
 
     def result_syntax_error(self, tech_data: list[dict[str, str]]):
         self._status(STATUS_FAIL)
-        self.verdict = "detail web tls caa verdict syntax_error"
+        self.verdict = "detail web tls caa verdict syntax-error"
         self.tech_data = self.add_tech_data_translation_root(tech_data) or ""
 
     def result_insufficient(self, tech_data: list[dict[str, str]]):
@@ -1983,7 +1983,7 @@ def result_bad(self, tech_data: list[dict[str, str]]):
 
     def result_syntax_error(self, tech_data: list[dict[str, str]]):
         self._status(STATUS_FAIL)
-        self.verdict = "detail mail tls caa verdict syntax_error"
+        self.verdict = "detail mail tls caa verdict syntax-error"
         self.tech_data = self.add_tech_data_translation_root(tech_data) or ""
 
     def result_insufficient(self, tech_data: list[dict[str, str]]):
diff --git a/checks/tasks/tls.py b/checks/tasks/tls.py
@@ -895,15 +895,15 @@ def annotate_and_combine_all(good_items, sufficient_items, bad_items, phaseout_i
                 if dttls.caa_enabled:
                     caa_host_message = [
                         TranslatableTechTableItem(
-                            msgid="found_host", context={"host": dttls.caa_found_on_domain}
+                            msgid="found-host", context={"host": dttls.caa_found_on_domain}
                         ).to_dict()
                     ]
                 else:
-                    caa_host_message = [TranslatableTechTableItem(msgid="not_found").to_dict()]
+                    caa_host_message = [TranslatableTechTableItem(msgid="not-found").to_dict()]
                 caa_tech_table = caa_host_message + dttls.caa_errors + dttls.caa_recommendations
                 for record in dttls.caa_records:
                     caa_tech_table.append(
-                        TranslatableTechTableItem(msgid="caa_record", context={"record": record}).to_dict()
+                        TranslatableTechTableItem(msgid="caa-record", context={"record": record}).to_dict()
                     )
                 if not dttls.caa_enabled:
                     category.subtests["web_caa"].result_bad(caa_tech_table)
@@ -1075,14 +1075,14 @@ def annotate_and_combine_all(good_items, sufficient_items, bad_items, phaseout_i
 
             if dttls.caa_enabled:
                 caa_host_message = [
-                    TranslatableTechTableItem(msgid="found_host", context={"host": dttls.caa_found_on_domain}).to_dict()
+                    TranslatableTechTableItem(msgid="found-host", context={"host": dttls.caa_found_on_domain}).to_dict()
                 ]
             else:
-                caa_host_message = [TranslatableTechTableItem(msgid="not_found").to_dict()]
+                caa_host_message = [TranslatableTechTableItem(msgid="not-found").to_dict()]
             caa_tech_table = caa_host_message + dttls.caa_errors + dttls.caa_recommendations
             for record in dttls.caa_records:
                 caa_tech_table.append(
-                    TranslatableTechTableItem(msgid="caa_record", context={"record": record}).to_dict()
+                    TranslatableTechTableItem(msgid="caa-record", context={"record": record}).to_dict()
                 )
             if not dttls.caa_enabled:
                 category.subtests["mail_caa"].result_bad(caa_tech_table)
